Securely Locating a Device

ABSTRACT

Methods, systems, and computer-readable medium for securely locating a mobile device. In one implementation, a method is provided. The method includes receiving first information from a first device, where the first information is usable to identify a geographic location of the first device. The first information is verified as originating from the first device. A first request for the geographic location of the first device is received, where the first request includes second information associated with a user associated with the first device. The geographic location of the first device is provided to the user at a second device.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims priority to U.S. Provisional Patent ApplicationSer. No. 60/979,034 filed Oct. 10, 2007, and entitled “Securely Locatinga Device,” the contents of which are incorporated herein by reference.

TECHNICAL FIELD

The subject matter of this patent application is generally related tomobile devices.

BACKGROUND

Modern mobile devices can provide a number of functionalities, such asaudio or video processing, telephony service, and network connectivityfor e-mail and web browsing, for example. Mobile device users oftendepend on the multiple applications installed on these mobile devices tocomplete tasks in their professional lives and to provide entertainmentin their personal lives. Users may rely on their mobile devices to storeand access large amounts of content (e.g., image, audio, and videofiles) and sensitive information (e.g., financial data or personalinformation). The loss or theft of a mobile device can create securityconcerns for a user and can be particularly troublesome or upsetting,especially if data stored on the device is sensitive or irreplaceable.

SUMMARY

A technique, method, apparatus, and system are described to securelylocate a mobile device. In general, in one aspect, a method is provided.The method includes receiving first information from a first device,where the first information is usable to identify a geographic locationof the first device. The first information is verified as originatingfrom the first device. A first request for the geographic location ofthe first device is received, where the first request includes secondinformation associated with a user associated with the first device. Thegeographic location of the first device is provided to the user at asecond device.

Implementations can include one or more of the following features. Thesecond information associated with the user can be an identifier of theuser. After verifying that the first information originated from thefirst device, the geographic location of the first device can be storedin a repository, and in response to receiving the first request, thesecond information can be used to index into the repository to retrievethe geographic location of the first device. In response to receivingthe first request, a second request can be transmitted to the firstdevice for an updated geographic location of the first device, and thirdinformation can be received from the first device, where the thirdinformation is usable to identify an updated geographic location of thefirst device. Third information can be received from the first device,where the third information identifies the first device and is used toverify that the first information originated from the first device. Thefirst information and the third information identifying the first devicecan be received from the first device in a Domain Name System (DNS)message. Alternatively, the first information can be included in a textmessage that is digitally signed with a private key of the first device.Verifying that the first information originated from the first devicecan further include authenticating the digitally signed text message. Amap of the geographic location of the first device can be provided tothe user at the second device. The first device can be a mobile devicethat includes a telephony application. The first device can be a mobiledevice that includes a multi-touch-sensitive display. It can bedetermined if the geographic location of the first device is outside aregion specified by the user, and if the geographic location of thefirst device is outside the region, data stored on the first device canbe caused to be erased, where the data to be erased is specified by theuser.

Other implementations are disclosed, including implementations directedto methods, systems, and computer-readable mediums.

Particular embodiments of the subject matter described in thisspecification can be implemented to realize one or more of the followingadvantages. A mobile device user can log into a mobile serviceapplication with a user identifier to view a last known geographiclocation of the user's missing mobile device. The mobile serviceapplication can present to the user on a host device the last knowngeographic location of the missing mobile device as an address,geographic coordinates, or as a location on a map. The user can requestthat the mobile device transmit an updated location to the mobileservice application for presentation to the user on the host device.

DESCRIPTION OF DRAWINGS

FIG. 1A is a block diagram of an example mobile device.

FIG. 1B is a block diagram of an example mobile device.

FIG. 2 is a block diagram of an example network operating environmentfor the mobile devices of FIGS. 1A-1B.

FIG. 3 is a block diagram of an example implementation of the mobiledevices of FIGS. 1A-1B.

FIG. 4A illustrates an example implementation of a software stack forthe mobile devices of FIGS. 1A-1B.

FIG. 4B illustrates an example implementation of a security process forremote access management over a secure communications channel.

FIG. 5 is a flow diagram of an example secure location process for adevice.

FIG. 6A illustrates an example of providing a geographic location of themobile device of FIG. 1A to a user at a host device.

FIG. 6B illustrates an example of providing a record of call activity ofthe mobile device of FIG. 1A to a user at a host device.

FIG. 6C illustrates an example of providing a record of web browsingactivity of the mobile device of FIG. 1A to a user at a host device.

DETAILED DESCRIPTION Example Mobile Device

FIG. 1A is a block diagram of an example mobile device 100. The mobiledevice 100 can be, for example, a handheld computer, a personal digitalassistant, a cellular telephone, a network appliance, a camera, a smartphone, an enhanced general packet radio service (EGPRS) mobile phone, anetwork base station, a media player, a navigation device, an emaildevice, a game console, or a combination of any two or more of thesedata processing devices or other data processing devices.

Mobile Device Overview

In some implementations, the mobile device 100 includes atouch-sensitive display 102. The touch-sensitive display 102 canimplement liquid crystal display (LCD) technology, light emittingpolymer display (LPD) technology, or some other display technology. Thetouch-sensitive display 102 can be sensitive to haptic and/or tactilecontact with a user.

In some implementations, the touch-sensitive display 102 can comprise amulti-touch-sensitive display 102. A multi-touch-sensitive display 102can, for example, process multiple simultaneous touch points, includingprocessing data related to the pressure, degree, and/or position of eachtouch point. Such processing facilitates gestures and interactions withmultiple fingers, chording, and other interactions. Othertouch-sensitive display technologies can also be used, e.g., a displayin which contact is made using a stylus or other pointing device. Someexamples of multi-touch-sensitive display technology are described inU.S. Pat. Nos. 6,323,846, 6,570,557, 6,677,932, and 6,888,536, each ofwhich is incorporated by reference herein in its entirety.

In some implementations, the mobile device 100 can display one or moregraphical user interfaces on the touch-sensitive display 102 forproviding the user access to various system objects and for conveyinginformation to the user. In some implementations, the graphical userinterface can include one or more display objects 104, 106. In theexample shown, the display objects 104, 106, are graphic representationsof system objects. Some examples of system objects include devicefunctions, applications, windows, files, alerts, events, or otheridentifiable system objects.

Example Mobile Device Functionality

In some implementations, the mobile device 100 can implement multipledevice functionalities, such as a telephony device, as indicated by aphone object 110; an e-mail device, as indicated by the e-mail object112; a network data communication device, as indicated by the Web object114; a Wi-Fi base station device (not shown); and a media processingdevice, as indicated by the media player object 116. In someimplementations, particular display objects 104, e.g., the phone object110, the e-mail object 112, the Web object 114, and the media playerobject 116, can be displayed in a menu bar 118. In some implementations,device functionalities can be accessed from a top-level graphical userinterface, such as the graphical user interface illustrated in FIG. 1A.Touching one of the objects 110, 112, 114, or 116 can, for example,invoke corresponding functionality.

In some implementations, the mobile device 100 can implement networkdistribution functionality. For example, the functionality can enablethe user to take the mobile device 100 and provide access to itsassociated network while traveling. In particular, the mobile device 100can extend Internet access (e.g., Wi-Fi) to other wireless devices inthe vicinity. For example, mobile device 100 can be configured as a basestation for one or more devices. As such, mobile device 100 can grant ordeny network access to other wireless devices.

In some implementations, upon invocation of device functionality, thegraphical user interface of the mobile device 100 changes, or isaugmented or replaced with another user interface or user interfaceelements, to facilitate user access to particular functions associatedwith the corresponding device functionality. For example, in response toa user touching the phone object 110, the graphical user interface ofthe touch-sensitive display 102 may present display objects related tovarious phone functions; likewise, touching of the email object 112 maycause the graphical user interface to present display objects related tovarious e-mail functions; touching the Web object 114 may cause thegraphical user interface to present display objects related to variousWeb-surfing functions; and touching the media player object 116 maycause the graphical user interface to present display objects related tovarious media processing functions.

In some implementations, the top-level graphical user interfaceenvironment or state of FIG. 1A can be restored by pressing a button 120located near the bottom of the mobile device 100. In someimplementations, each corresponding device functionality may havecorresponding “home” display objects displayed on the touch-sensitivedisplay 102, and the graphical user interface environment of FIG. 1A canbe restored by pressing the “home” display object.

In some implementations, the top-level graphical user interface caninclude additional display objects 106, such as a short messagingservice (SMS) object 130, a calendar object 132, a photos object 134, acamera object 136, a calculator object 138, a stocks object 140, aweather object 142, a maps object 144, a notes object 146, a clockobject 148, an address book object 150, and a settings object 152.Touching the SMS display object 130 can, for example, invoke an SMSmessaging environment and supporting functionality; likewise, eachselection of a display object 132, 134, 136, 138, 140, 142, 144, 146,148, 150, and 152 can invoke a corresponding object environment andfunctionality.

Additional and/or different display objects can also be displayed in thegraphical user interface of FIG. 1A. For example, if the device 100 isfunctioning as a base station for other devices, one or more“connection” objects may appear in the graphical user interface toindicate the connection. In some implementations, the display objects106 can be configured by a user, e.g., a user may specify which displayobjects 106 are displayed, and/or may download additional applicationsor other software that provides other functionalities and correspondingdisplay objects.

In some implementations, the mobile device 100 can include one or moreinput/output (I/O) devices and/or sensor devices. For example, a speaker160 and a microphone 162 can be included to facilitate voice-enabledfunctionalities, such as phone and voice mail functions. In someimplementations, an up/down button 184 for volume control of the speaker160 and the microphone 162 can be included. The mobile device 100 canalso include an on/off button 182 for a ring indicator of incoming phonecalls. In some implementations, a loud speaker 164 can be included tofacilitate hands-free voice functionalities, such as speaker phonefunctions. An audio jack 166 can also be included for use of headphonesand/or a microphone.

In some implementations, a proximity sensor 168 can be included tofacilitate the detection of the user positioning the mobile device 100proximate to the user's ear and, in response, to disengage thetouch-sensitive display 102 to prevent accidental function invocations.In some implementations, the touch-sensitive display 102 can be turnedoff to conserve additional power when the mobile device 100 is proximateto the user's ear.

Other sensors can also be used. For example, in some implementations, anambient light sensor 170 can be utilized to facilitate adjusting thebrightness of the touch-sensitive display 102. In some implementations,an accelerometer 172 can be utilized to detect movement of the mobiledevice 100, as indicated by the directional arrow 174. Accordingly,display objects and/or media can be presented according to a detectedorientation, e.g., portrait or landscape. In some implementations, themobile device 100 may include circuitry and sensors for supporting alocation determining capability, such as that provided by the globalpositioning system (GPS) or other positioning systems (e.g., systemsusing Wi-Fi access points, television signals, cellular grids, UniformResource Locators (URLs)). In some implementations, a positioning system(e.g., a GPS receiver) can be integrated into the mobile device 100 orprovided as a separate device that can be coupled to the mobile device100 through an interface (e.g., port device 190) to provide access tolocation-based services or secure device location services.

In some implementations, a port device 190, e.g., a Universal Serial Bus(USB) port, or a docking port, or some other wired port connection, canbe included. The port device 190 can, for example, be utilized toestablish a wired connection to other computing devices, such as othercommunication devices 100, network access devices, a personal computer,a printer, a display screen, or other processing devices capable ofreceiving and/or transmitting data. In some implementations, the portdevice 190 allows the mobile device 100 to synchronize with a hostdevice using one or more protocols, such as, for example, the TCP/IP,HTTP, UDP and any other known protocol. In some implementations, aTCP/IP over USB protocol can be used, as described in U.S. ProvisionalPatent Application No. 60/945,904, filed Jun. 22, 2007, for “MultiplexedData Stream Protocol,” Attorney Docket No. 004860.P5490, whichprovisional patent application is incorporated by reference herein inits entirety.

The mobile device 100 can also include a camera lens and sensor 180. Insome implementations, the camera lens and sensor 180 can be located onthe back surface of the mobile device 100. The camera can capture stillimages and/or video.

The mobile device 100 can also include one or more wirelesscommunication subsystems, such as an 802.11b/g communication device 186,and/or a Bluetooth™ communication device 188. Other communicationprotocols can also be supported, including other 802.x communicationprotocols (e.g., WiMax, Wi-Fi, 3G), code division multiple access(CDMA), global system for mobile communications (GSM), general packetradio service (GPRS), Enhanced Data GSM Environment (EDGE), etc.

Example Mobile Device

FIG. 1B is a block diagram of an example mobile device 101. The mobiledevice 101 can be, for example, a handheld computer, a personal digitalassistant, a network appliance, a camera, a network base station, amedia player, a navigation device, an email device, a game console, or acombination of any two or more of these data processing devices or otherdata processing devices. In some implementations, device 101 shown inFIG. 1B is an example of how device 100 can be configured to display adifferent set of objects. In some implementations, device 101 has adifferent set of device functionalities than device 100 shown in FIG.1A, but otherwise operates in a similar manner to device 100.

Mobile Device Overview

In some implementations, the mobile device 101 includes atouch-sensitive display 102, which can be sensitive to haptic and/ortactile contact with a user. In some implementations, the mobile device101 can display one or more graphical user interfaces on thetouch-sensitive display 102 for providing the user access to varioussystem objects and for conveying information to the user.

Mobile Device Functionality

In some implementations, the mobile device 101 can implement multipledevice functionalities, such as a music processing device, as indicatedby the music player object 124, a video processing device, as indicatedby the video player object 125, a digital photo album device, asindicated by the photos object 134, and a network data communicationdevice for online shopping, as indicated by the store object 126. Insome implementations, particular display objects 104, e.g., the musicplayer object 124, the video player object 125, the photos object 134,and store object 126, can be displayed in a menu bar 118. In someimplementations, device functionalities can be accessed from a top-levelgraphical user interface, such as the graphical user interfaceillustrated in FIG. 1B. Touching one of the objects 124, 125, 134, or126 can, for example, invoke corresponding functionality.

In some implementations, the top-level graphical user interface ofmobile device 101 can include additional display objects 106, such asthe Web object 114, the calendar object 132, the address book object150, the clock object 148, the calculator object 138, and the settingsobject 152 described above with reference to mobile device 100 of FIG.1A. In some implementations, the top-level graphical user interface caninclude other display objects, such as a Web video object 123 thatprovides functionality for uploading and playing videos on the Web. Eachselection of a display object 114, 123, 132, 150, 148, 138, and 152 caninvoke a corresponding object environment and functionality.

Additional and/or different display objects can also be displayed in thegraphical user interface of FIG. 1B. In some implementations, thedisplay objects 106 can be configured by a user. In someimplementations, upon invocation of device functionality, the graphicaluser interface of the mobile device 101 changes, or is augmented orreplaced with another user interface or user interface elements, tofacilitate user access to particular functions associated with thecorresponding device functionality.

In some implementations, the mobile device 101 can include one or moreinput/output (I/O) devices 160, 162, 164, and 166, a volume controldevice 184, sensor devices 168, 170, 172, and 180, wirelesscommunication subsystems 186 and 188, and a port device 190 or someother wired port connection described above with reference to mobiledevice 100 of FIG. 1A.

Network Operating Environment

FIG. 2 is a block diagram of an example network operating environment200. In FIG. 2, mobile devices 202 a and 202 b each can represent mobiledevice 100 or 101. Mobile devices 202 a and 202 b can, for example,communicate over one or more wired and/or wireless networks 210 in datacommunication. For example, a wireless network 212, e.g., a cellularnetwork, can communicate with a wide area network (WAN) 214, such as theInternet, by use of a gateway 216. Likewise, an access device 218, suchas an 802.11g wireless access device, can provide communication accessto the wide area network 214. In some implementations, both voice anddata communications can be established over the wireless network 212 andthe access device 218. For example, the mobile device 202 a can placeand receive phone calls (e.g., using VoIP protocols), send and receivee-mail messages (e.g., using POP3 protocol), and retrieve electronicdocuments and/or streams, such as web pages, photographs, and videos,over the wireless network 212, gateway 216, and wide area network 214(e.g., using TCP/IP or UDP protocols). Likewise, in someimplementations, the mobile device 202 b can place and receive phonecalls, send and receive e-mail messages, and retrieve electronicdocuments over the access device 218 and the wide area network 214. Insome implementations, the mobile device 202 a or 202 b can be physicallyconnected to the access device 218 using one or more cables and theaccess device 218 can be a personal computer. In this configuration, themobile device 202 a or 202 b can be referred to as a “tethered” device.

The mobile devices 202 a and 202 b can also establish communications byother means. For example, the wireless device 202 a can communicate withother wireless devices, e.g., other mobile devices 202 a or 202 b, cellphones, etc., over the wireless network 212. Likewise, the mobiledevices 202 a and 202 b can establish peer-to-peer communications 220,e.g., a personal area network, by use of one or more communicationsubsystems, such as the Bluetooth™ communication devices 188 shown inFIGS. 1A-1B. Other communication protocols and topologies can also beimplemented.

The mobile device 202 a or 202 b can, for example, communicate with oneor more services 230, 240, 250, 260, 270, and 280 over the one or morewired and/or wireless networks 210. For example, a navigation service230 can provide navigation information, e.g., map information, locationinformation, route information, and other information, to the mobiledevice 202 a or 202 b. A user of the mobile device 202 b can invoke amap functionality, e.g., by pressing the maps object 144 on thetop-level graphical user interface shown in FIG. 1A, and can request andreceive a map for a particular location.

A messaging service 240 can, for example, provide e-mail and/or othermessaging services. A media service 250 can, for example, provide accessto media files, such as song files, audio books, movie files, videoclips, and other media data. In some implementations, separate audio andvideo services (not shown) can provide access to the respective types ofmedia files. A syncing service 260 can, for example, perform syncingservices (e.g., sync files). An activation service 270 can, for example,perform an activation process for activating the mobile device 202 a or202 b. A location service 280 can, for example, perform the process 500for securely locating the mobile device 202 a or 202 b and providing thelocation to a user on a host device, as described in reference to FIG.5. For example, the location service 280 can receive from the mobiledevice 202 a or 202 b location information pushed or pulledautomatically, e.g., at scheduled intervals. Other services can also beprovided, including a software update service that automaticallydetermines whether software updates exist for software on the mobiledevice 202 a or 202 b, then downloads the software updates to the mobiledevice 202 a or 202 b where the software updates can be manually orautomatically unpacked and/or installed.

The mobile device 202 a or 202 b can also access other data and contentover the one or more wired and/or wireless networks 210. For example,content publishers, such as news sites, RSS feeds, web sites, blogs,social networking sites, developer networks, etc., can be accessed bythe mobile device 202 a or 202 b. Such access can be provided byinvocation of a web browsing function or application (e.g., a browser)in response to a user touching the Web object 114.

Example Mobile Device Architecture

FIG. 3 is a block diagram 300 of an example implementation of the mobiledevices 100 and 101 of FIGS. 1A-1B, respectively. The mobile device 100or 101 can include a memory interface 302, one or more data processors,image processors and/or central processing units 304, and a peripheralsinterface 306. The memory interface 302, the one or more processors 304and/or the peripherals interface 306 can be separate components or canbe integrated in one or more integrated circuits. The various componentsin the mobile device 100 or 101 can be coupled by one or morecommunication buses or signal lines.

Sensors, devices, and subsystems can be coupled to the peripheralsinterface 306 to facilitate multiple functionalities. For example, amotion sensor 310, a light sensor 312, and a proximity sensor 314 can becoupled to the peripherals interface 306 to facilitate the orientation,lighting, and proximity functions described with respect to FIG. 1A.Other sensors 316 can also be connected to the peripherals interface306, such as a positioning system (e.g., GPS receiver), a temperaturesensor, a biometric sensor, or other sensing device, to facilitaterelated functionalities.

A camera subsystem 320 and an optical sensor 322, e.g., a chargedcoupled device (CCD) or a complementary metal-oxide semiconductor (CMOS)optical sensor, can be utilized to facilitate camera functions, such asrecording photographs and video clips.

Communication functions can be facilitated through one or more wirelesscommunication subsystems 324, which can include radio frequencyreceivers and transmitters and/or optical (e.g., infrared) receivers andtransmitters. The specific design and implementation of thecommunication subsystem 324 can depend on the communication network(s)over which the mobile device 100 or 101 is intended to operate. Forexample, a mobile device 100 or 101 may include communication subsystems324 designed to operate over a GSM network, a GPRS network, an EDGEnetwork, a Wi-Fi or WiMax network, and a Bluetooth™ network. Inparticular, the wireless communication subsystems 324 may includehosting protocols such that the device 100 or 101 may be configured as abase station for other wireless devices.

An audio subsystem 326 can be coupled to a speaker 328 and a microphone330 to facilitate voice-enabled functions, such as voice recognition,voice replication, digital recording, and telephony functions.

The I/O subsystem 340 can include a touch screen controller 342 and/orother input controller(s) 344. The touch-screen controller 342 can becoupled to a touch screen 346. The touch screen 346 and touch screencontroller 342 can, for example, detect contact and movement or breakthereof using any of a plurality of touch sensitivity technologies,including but not limited to capacitive, resistive, infrared, andsurface acoustic wave technologies, as well as other proximity sensorarrays or other elements for determining one or more points of contactwith the touch screen 346.

The other input controller(s) 344 can be coupled to other input/controldevices 348, such as one or more buttons, rocker switches, thumb-wheel,infrared port, USB port, and/or a pointer device such as a stylus. Theone or more buttons (not shown) can include an up/down button for volumecontrol of the speaker 328 and/or the microphone 330.

In one implementation, a pressing of the button for a first duration maydisengage a lock of the touch screen 346; and a pressing of the buttonfor a second duration that is longer than the first duration may turnpower to the mobile device 100 or 101 on or off. The user may be able tocustomize a functionality of one or more of the buttons. The touchscreen 346 can, for example, also be used to implement virtual or softbuttons and/or a keyboard.

In some implementations, the mobile device 100 or 101 can presentrecorded audio and/or video files, such as MP3, AAC, and MPEG files. Insome implementations, the mobile device 100 or 101 can include thefunctionality of an MP3 player, such as an iPod™. The mobile device 100or 101 may, therefore, include a 36-pin connector that is compatiblewith the iPod. Other input/output and control devices can also be used.

The memory interface 302 can be coupled to memory 350. The memory 350can include high-speed random access memory and/or non-volatile memory,such as one or more magnetic disk storage devices, one or more opticalstorage devices, and/or flash memory (e.g., NAND, NOR). The memory 350can store an operating system 352, such as Darwin, RTXC, LINUX, UNIX, OSX, WINDOWS, or an embedded operating system such as VxWorks. Theoperating system 352 may include instructions for handling basic systemservices and for performing hardware dependent tasks. In someimplementations, the operating system 352 can be a kernel (e.g., UNIXkernel), as described in reference to FIGS. 4A and 4B.

The memory 350 may also store communication instructions 354 tofacilitate communicating with one or more additional devices, one ormore computers and/or one or more servers. The memory 350 may includegraphical user interface instructions 356 to facilitate graphic userinterface processing; sensor processing instructions 358 to facilitatesensor-related processing and functions; phone instructions 360 tofacilitate phone-related processes and functions; electronic messaginginstructions 362 to facilitate electronic-messaging related processesand functions; web browsing instructions 364 to facilitate webbrowsing-related processes and functions; media processing instructions366 to facilitate media processing-related processes and functions;GPS/Navigation instructions 368 to facilitate GPS and navigation-relatedprocesses and instructions; camera instructions 370 to facilitatecamera-related processes and functions; and/or other softwareinstructions 372 to facilitate other processes and functions, e.g.,security processes and functions as described in reference to FIGS. 4Aand 4B. The memory 350 may also store other software instructions (notshown), such as web video instructions to facilitate web video-relatedprocesses and functions; and/or web shopping instructions to facilitateweb shopping-related processes and functions. In some implementations,the media processing instructions 366 are divided into audio processinginstructions and video processing instructions to facilitate audioprocessing-related processes and functions and video processing-relatedprocesses and functions, respectively. An activation record andInternational Mobile Equipment Identity (IMEI) 374 or similar hardwareidentifier can also be stored in memory 350.

Each of the above identified instructions and applications cancorrespond to a set of instructions for performing one or more functionsdescribed above. These instructions need not be implemented as separatesoftware programs, procedures, or modules. The memory 350 can includeadditional instructions or fewer instructions. Furthermore, variousfunctions of the mobile device 100 or 101 may be implemented in hardwareand/or in software, including in one or more signal processing and/orapplication specific integrated circuits.

Software Stack and Security Process

FIG. 4A illustrates an example implementation of a software stack 400for the mobile devices of FIGS. 1A-1B. In some implementations, thesoftware stack 400 includes an operating system (OS) kernel 402 (e.g., aUNIX kernel), a library system 404, an application framework 406, and anapplications layer 408.

The OS kernel 402 manages the resources of the mobile device 100 or 101and allows other programs to run and use these resources. Some examplesof resources include a processor, memory, and I/O. For example, thekernel 402 can determine which running processes should be allocated toa processor, processors or processor cores, allocates memory to theprocesses and allocates requests from applications and remote servicesto perform I/O operations. In some implementations, the kernel 402provides methods for synchronization and inter-process communicationswith other devices.

In some implementations, the kernel 402 can be stored in non-volatilememory of the mobile device 100 or 101. When the mobile device 100 or101 is turned on, a boot loader starts executing the kernel 102 insupervisor mode. The kernel then initializes itself and starts one ormore processes for the mobile device 100 or 101, including a securityprocess 410 for remote access management, as described in reference toFIG. 4B.

The library system 404 provides various services for applicationsrunning in the application layer 408. Such services can include audioservices, video services, database services, image processing services,graphics services, etc.

The application framework 406 provides an object-oriented applicationenvironment including classes and Application Programming Interfaces(APIs) that can be used by developers to build applications usingwell-known programming languages (e.g., Objective-C, Java).

The applications layer 408 is where various applications exist in thesoftware stack 400. Developers can use the APIs and environment providedby the application framework 406 to build applications, such as theapplications represented by the display objects 104, 106, shown in FIGS.1A-1B (e.g., email, media player, Web browser, phone, music player,video player, photos, and store).

Secure Communication Channel

FIG. 4B illustrates an example implementation of a security process 410for remote access management over a secure communications channel 422.In the example shown, the mobile device 412, e.g., mobile device 100 or101, is running the security process 410, which communicates with the OSkernel 402. Any remote access requests made to the kernel 402 areintercepted by the security process 410, which is responsible forsetting up secure communication sessions between the mobile device 412and a mobile services access device 218. In some implementations, theprocess 410 uses a cryptographic protocol, such as Secure Sockets Layer(SSL) or Transport Layer Security (TLS) to provide secure communicationsbetween the mobile device 412 and the access device 218. The accessdevice 218 can be any device with network connectivity, including butnot limited to: a personal computer, a hub, an Ethernet card, anothermobile device, a wireless base station, etc. The secure communicationschannel can be a Universal Serial Bus (USB), Ethernet, a wireless link(e.g., Wi-Fi, WiMax, 3G), an optical link, infrared link, FireWire™, orany other known communications channel or media.

In the example shown, the access device 218 includes device drivers 414,a mobile services daemon 416, a mobile services API 418, and one or moremobile service applications 420. The device drivers 414 are responsiblefor implementing the transport layer protocol, such as TCP/IP over USB.The mobile services daemon 416 listens (e.g., continuously) to thecommunications channel 422 for activity and manages the transmission ofcommands and data over the communication channel 422. The mobileservices API 418 provides a set of functions, procedures, variables, anddata structures for supporting requests for services made by the mobileservices application 420. The mobile services application 420 can be aclient program running on the access device 218, which provides one ormore user interfaces for allowing a user to interact with a remoteservice (e.g., activation service 270) over a network (e.g., theInternet, wireless network, peer-to-peer network, optical network,Ethernet, intranet). In some implementations, a device activationprocess can be used, as described in co-pending U.S. patent applicationSer. No. 11/767,447, filed Jun. 22, 2007, for “Device Activation andAccess,” Attorney Docket No. P5408US1/18962-113001, which patentapplication is incorporated by reference herein in its entirety. Theapplication 420 can allow a user to set preferences, download or updatefiles of content or software, search databases, store user data, selectservices, browse content, perform financial transactions, or engage inany other online service or function. An example of a mobile servicesapplication 420 is the iTunes™ client, which is publicly available fromApple Inc. (Cupertino, Calif.). An example of a mobile device 412 thatuses the iTunes™ client is the iPod™ product developed by Apple Inc.Another example of a mobile device 412 that uses the iTunes™ client isthe iPhone™ product developed by Apple Inc.

In an example operational mode, a user connects the mobile device 412 tothe access device 218 using, for example, a USB cable. In otherimplementations, the mobile device 412 and access device 218 includewireless transceivers for establishing a wireless link (e.g., Wi-Fi).The drivers 414 and kernel 402 detect the connection and alert thesecurity process 410 and mobile services daemon 416 of the connectionstatus. Once the connection is established, certain non-sensitiveinformation can be passed from the mobile device 412 to the accessdevice 218 (e.g., name, disk size, activation state) to assist inestablishing a secure communication session.

In some implementations, the security process 410 establishes a securecommunication session (e.g., encrypted SSL session) with the accessdevice 218 by implementing a secure network protocol. For example, ifusing SSL protocol, the mobile device 412 and access device 218 willnegotiate a cipher suite to be used during data transfer, establish andshare a session key, and authenticate the access device 218 to themobile device 412. In some implementations, if the mobile device 412 ispassword protected, the security process 410 will not establish asession, and optionally alert the user of the reason for failure.

Once a secure session is successfully established, the mobile device 412and the access device 218 can exchange sensitive information (e.g.,passwords, personal information), and remote access to the mobile device412 can be granted to one or more services (e.g., navigation service230, messaging service 240, media service 250, syncing service 260,activation service 270, location service 280). In some implementations,the mobile services daemon 416 multiplexes commands and data fortransmission over the communication channel 422. This multiplexingallows several remote services to have access to the mobile device 412in a single session without the need to start a new session (orhandshaking) for each service requesting access to the mobile device412.

Example Secure Location Process

FIG. 5 is a flow diagram of an example secure location process 500 for adevice (e.g., mobile device 100 of FIG. 1A or mobile device 101 of FIG.1B). The process 500 can be performed when a mobile device user wishesto know where the mobile device is located. The user may have misplacedor lost the mobile device, or the mobile device may have been borrowedor stolen.

The process 500 begins by receiving first information from a firstdevice (e.g., a mobile device), where the first information is usable toidentify a geographic location of the first device (502). The firstinformation can be received by a location service (e.g., locationservice 280 of FIG. 2). The geographic location of the first device canbe determined or estimated from the first information, which can includeinformation about, for example, Wi-Fi access points, television signals,cellular grids, IP addresses, or URLs. In some implementations, thefirst information identifies a geographic location of the first deviceand includes, for example, coordinates in a geographic coordinatesystem, e.g., latitude and longitude values based on a referenceregional or world geodetic datum, such as the World Geodetic System(WGS) 84 currently used for GPS.

In some implementations, a user of the first device can activate alocation transmission feature of the first device if, by default, thefirst device does not transmit information identifying its geographiclocation. For example, an owner of a mobile device (e.g., mobile device100 of FIG. 1A) can enable the mobile device to transmit its geographiclocation by activating a location transmission feature when the userinitially sets or updates user preferences for the mobile device, e.g.,using the mobile services application 420 of FIG. 4B. In variousimplementations, the preference settings can include a setting for whenlocation transmission should occur, such as periodically (e.g., on apredetermined schedule) or when triggered by certain events (e.g., whenthe mobile device is turned on or an update location request isreceived). The location transmission can occur as a background processof the mobile device, e.g., without being initiated by the user and/orwithout the user's awareness. In some implementations, the preferencesettings can include settings for enabling tracking of mobile deviceactivity, e.g., telephone call activity and web browsing activity, aswill be described in more detail below.

In some implementations, the preference settings can include settingsallowing a user to specify that one or more actions (e.g., deleting dataor deactivating functionality) should occur if the geographic locationof the mobile device is determined to be outside a particular region orinside a particular region. For example, the user can specify that allsensitive information (e.g., financial data and personal information)stored on the mobile device is erased if a location transmission fromthe mobile device indicates that the mobile device is outside the user'shome country or in one or more specified countries.

In some implementations, the first device transmits the firstinformation identifying its geographic location over one or more wiredor wireless networks. For example, the mobile device 202 a of FIG. 2 cancommunicate its geographic location to a designated server of thelocation service 280 over the wireless network 212 (e.g., an EDGEnetwork), the gateway 216, and the wide area network 214. In anotherexample, the mobile device 202 b of FIG. 2 can communicate itsgeographic location to the designated server of the location service 280over the wide area network 214 and the access device 218, which can becoupled to the mobile device 202 b through a physical connection (e.g.,a USB cable) or a wireless connection (e.g., a Wi-Fi link). In someimplementations, the first device can also transmit the firstinformation through another device on a personal area network (e.g., aBluetooth™ network).

Returning to the process 500, the first information is checked to verifythat the first information originated from the first device (504). Insome implementations, additional information identifying the firstdevice can be received from the first device. In some implementations,the additional information identifying the first device is a uniqueserial number or identifier for the first device, e.g., an IMEI 374stored in the mobile device memory 350 of FIG. 3. The informationidentifying the first device can be used to verify that the informationidentifying the geographic location originated from the first device.

In some implementations, an identifier for the first device and thegeographic location of the first device are received from the firstdevice in a Domain Name System (DNS) message sent using, for example,TCP/IP or UDP protocols. In particular, a mobile device (e.g., themobile device 202 b of FIG. 2) can transmit its IMEI and geographiccoordinates in a DNS record (e.g., a TXT record) of a DNS message to adesignated server of the location service 280. The transmission canoccur when, for example, the mobile device is powered on and attempts toregister on a network (e.g., a telecommunications carrier network) orwith a mobile service (e.g., the mobile services application 420 of FIG.4B). The origin of the first information identifying the geographiclocation can be verified as the first device identified by theidentifier.

In some implementations, the first information identifying thegeographic location can be transmitted by the first device as a textmessage that is digitally signed with a private key of the first device.For example, a mobile device (e.g., the mobile device 202 a of FIG. 2)can transmit its geographic coordinates in a digitally signed SMSmessage to a phone number (e.g., a designated phone number) of thelocation service 280 over the wireless network 212 of FIG. 2. Thecontents of the SMS message can be signed with a private key of themobile device, allowing the location service 280 to verify that thegeographic coordinates originated from the mobile device byauthenticating the digitally signed SMS message. Once the SMS message isauthenticated, an identifier for the mobile device (e.g., an IMEI) canbe determined, for example, based on the private key of the mobiledevice.

In some implementations, the first information identifying thegeographic location can be transmitted by the first device as an HTTPrequest. For example, when a user of the mobile device is web browsing(e.g., after invoking a web browsing application by touching the Webobject 114 of FIG. 1A), a web browser running on the mobile device cansend an HTTP request to a designated URL (e.g., for the location service280) with the first information identifying the mobile device'sgeographic location appended to the designated URL. The HTTP request canbe sent as a background process and/or in parallel with a user-initiatedHTTP request. In some implementations, the HTTP request to thedesignated URL includes an identifier for the mobile device to allow theorigin of the geographic location to be verified.

If the first information fails the origin verification check (“No”branch of decision 504), the first information can be discarded (506).This may occur, for example, if the text message was not properly signedwith the private key of the first device.

If the first information is verified as originating from the firstdevice (“Yes” branch of decision 504), the geographic location of thefirst device can be stored in a repository (508). For example, in someimplementations, the location service maintains a relational database orregistry (e.g., MySQL™) of device information, including deviceidentifiers (e.g., IMEI) and device location information (e.g.,geographic coordinates). Using this database or registry, the locationservice knows, for example, that a particular device with a particularidentifier associated with a particular user identifier had a particulargeographic location at a particular time on a particular date.

A request for the geographic location of the first device is received,where the request includes second information associated with a user,where the user is associated with (e.g., the owner of or a registereduser of) the first device (510). In some implementations, the secondinformation associated with the user can be an identifier of the user.The request can be sent by the user from a host device (e.g., a personalcomputer) and received by a location service (e.g., location service 280of FIG. 2). For example, after the user realizes that the user's mobiledevice is lost or stolen, the user can use a host device to log in usinga user identifier to a mobile service application (e.g., the mobileservice application 420 of FIG. 4B) to request to view the last knowngeographic location of the user's mobile device. In response, the mobileservice application can send a request to the location service toretrieve the last known geographic location of the mobile device. Insome implementations, the request includes the identifier for the firstdevice in addition to the second information associated with the user.

If the user is associated with the first device (e.g., is the owner or aregistered user of the first device), the second information associatedwith the user (e.g., the user identifier) can be associated in therepository with the identifier for the first device. The secondinformation can be used to index into the repository to retrieve thegeographic location of the first device in response to receiving therequest (512). For example, for each user identifier, the repository canhave a different entry, record, or table with stored information aboutthe associated first device, including the geographic locations and thedates and times they were received from the first device.

In some implementations, in response to receiving the request for thelast known geographic location, a second request is transmitted to thefirst device for an updated geographic location of the first device. Forexample, if the amount of time that has passed since the last knowngeographic location was received exceeds a predetermined threshold(e.g., 2 hours, 12 hours, 24 hours, etc.), the location service canrequest that the first device updates its geographic location. In someimplementations, the location service requests that the first devicecontinues to update its geographic location, for example, on a scheduledbasis or when triggered by certain events. If the first device ispresently powered on when the location service sends the request, thefirst device can transmit an updated geographic location (or informationusable to identify an updated geographic location), for example, byembedding the updated geographic location in a DNS message or a textmessage, as described above. The updated geographic location can bereceived and its origin verified before the updated geographic locationis stored as the last known geographic location in the repository.Alternatively, if the first device is presently powered off when thelocation service sends the request, the location service can abort theupdate request and/or reschedule the request to be sent when the firstdevice is next powered on.

The geographic location (e.g., the last known geographic location) ofthe first device is provided to the user at a second device (e.g., thehost device) (514). In some implementations, one or more of an address,geographic coordinates, and a map of the geographic location areprovided to the user.

In some implementations, the process 500 can be performed without beingrequested by the first device user. For example, if both a mobile deviceand a user associated with the mobile device (e.g., the owner or aregistered user of the mobile device) are missing, law enforcementofficials can request that the process 500 be performed to determine thelast known geographic location of the missing mobile device in the hopeof also finding the user associated with the missing mobile device.

Example Device Location Function

FIG. 6A illustrates an example 600 of providing a geographic location ofthe mobile device of FIG. 1A to a user at a host device. The example 600illustrates a device location interface 620 displayed on a screen 610 ofa display device, which can be part of or coupled to a host device. Insome implementations, the user can access the device location interface620 through the mobile service application 420 of FIG. 4B. The devicelocation interface 620 includes the identifier 622 of the userassociated with the missing mobile device. The device location interface620 can include the last known geographic location of the mobile deviceas an address 624 with a date and time 626 indicating when the lastknown geographic location was received from the mobile device. In someimplementations, the device location interface 620 includes a map 628with the last known geographic location of the mobile device indicatedon the map 628, e.g., as a star 630 on the map 628. Alternatively or inaddition, the device location interface 620 can display the last knowngeographic location of the mobile device as geographic coordinates(e.g., latitude and longitude values). The last known geographiclocation can help the user recover the mobile device, e.g., byretrieving the mobile device if it was simply lost or misplaced, or bycontacting law enforcement officials to help recover the mobile deviceif it was stolen.

In some implementations, the device location interface 620 includes aselectable user interface element (e.g., button 632) that allows theuser to enable activity tracking on the mobile device. The user may wishto enable activity tracking if the user suspects that the missing mobiledevice is being used by someone (e.g., a person who found, borrowed, orstole the mobile device). For example, information gained by enablingactivity tracking may be used by law enforcement officials to helpdetermine the identity of the person who presently has the mobiledevice.

User selection of the activity tracking element can trigger the locationservice (e.g., the location service 280 of FIG. 2) to send a request tothe mobile device to begin tracking device activity and sendinginformation about the activity to the location service. For example, thelocation service 280 can send a message (e.g., as a remote accessrequest) to the security process 410 running on the mobile device 412 ofFIG. 4B to begin monitoring one or more applications residing on theapplications layer 408 of the mobile device software stack 400 of FIG.4A. Information about applications activity (e.g., information aboutphone calls, web browsing, e-mails, etc.) can be gathered by the mobiledevice and sent to the location service to be provided to the user.

Example Call Activity Function

FIG. 6B illustrates an example 645 of providing a record of callactivity 648 of the mobile device of FIG. 1A to a user at a host device.The record of call activity 648 can be presented to a user in responseto the user enabling device activity tracking (e.g., by selecting thebutton 632 of FIG. 6A) and the location service receiving telephone callactivity information from the mobile device.

The example 645 illustrates a call activity interface 640 displayed onthe screen 610 of the display device of the host device. In someimplementations, the user can access the call activity interface 640through the mobile service application 420 of FIG. 4B. The call activityinterface 640 includes the user identifier 622 and the record of callactivity 648. The record of call activity 648 can include a log of callsinitiated by the mobile device, a log of calls received by the mobiledevice, the dates and times of the calls, and the mobile device's lastknown geographic locations at the times of the calls. In someimplementations, the record of call activity 648 includes otherinformation, such as call durations. The last known geographic locationscan be displayed, for example, as addresses or geographic coordinates.In some implementations, the last known geographic locations arepresented as selectable links which, when selected, can trigger thedisplay of a map with the selected location indicated, such as the map628 of FIG. 6A. The record of initiated and received calls may be usedby law enforcement officials to help determine the identity of theperson who presently has the mobile device.

Example Web Activity Function

FIG. 6C illustrates an example 655 of providing a record of web browsingactivity 658 of the mobile device of FIG. 1A to a user at a host device.The record of web browsing activity 658 can be presented to a user inresponse to the user enabling device activity tracking (e.g., byselecting the button 632 of FIG. 6A) and the location service receivingweb browsing activity information from the mobile device.

The example 655 illustrates a web activity interface 650 displayed onthe screen 610. In some implementations, the user can access the webactivity interface 650 through the mobile service application 420 ofFIG. 4B. The web activity interface 650 includes the user identifier 622and the record of web browsing activity 658. The record of web browsingactivity 658 can include a log of addresses for the web sites visited,the dates and times of the site visits, and the mobile device's lastknown geographic locations at the times of the site visits. In someimplementations, the web site addresses are displayed as URLs or IPaddresses. In some implementations, the record of web browsing activity658 includes other information. The last known geographic locations canbe displayed as addresses or geographic coordinates. In someimplementations, selection of one of the displayed last known geographiclocations can trigger the display of a map with the selected locationindicated, such as the map 628 of FIG. 6A.

The described features can be implemented advantageously in one or morecomputer programs that are executable on a programmable system includingat least one programmable processor coupled to receive data andinstructions from, and to transmit data and instructions to, a datastorage system, at least one input device, and at least one outputdevice. A computer program is a set of instructions that can be used,directly or indirectly, in a computer to perform a certain activity orbring about a certain result. A computer program can be written in anyform of programming language (e.g., Objective-C, Java), includingcompiled or interpreted languages, and it can be deployed in any form,including as a stand-alone program or as a module, component,subroutine, or other unit suitable for use in a computing environment.

Suitable processors for the execution of a program of instructionsinclude, by way of example, both general and special purposemicroprocessors, and the sole processor or one of multiple processors orcores, of any kind of computer. Generally, a processor will receiveinstructions and data from a read-only memory or a random access memoryor both. The essential elements of a computer are a processor forexecuting instructions and one or more memories for storing instructionsand data. Generally, a computer will also include, or be operativelycoupled to communicate with, one or more mass storage devices forstoring data files; such devices include magnetic disks, such asinternal hard disks and removable disks; magneto-optical disks; andoptical disks. Storage devices suitable for tangibly embodying computerprogram instructions and data include all forms of non-volatile memory,including by way of example semiconductor memory devices, such as EPROM,EEPROM, and flash memory devices; magnetic disks such as internal harddisks and removable disks; magneto-optical disks; and CD-ROM and DVD-ROMdisks. The processor and the memory can be supplemented by, orincorporated in, ASICs (application-specific integrated circuits).

To provide for interaction with a user, the features can be implementedon a computer having a display device such as a CRT (cathode ray tube)or LCD (liquid crystal display) monitor for displaying information tothe user and a keyboard and a pointing device such as a mouse or atrackball by which the user can provide input to the computer.

The features can be implemented in a computer system that includes aback-end component, such as a data server, or that includes a middlewarecomponent, such as an application server or an Internet server, or thatincludes a front-end component, such as a client computer having agraphical user interface or an Internet browser, or any combination ofthem. The components of the system can be connected by any form ormedium of digital data communication such as a communication network.Examples of communication networks include, e.g., a LAN, a WAN, and thecomputers and networks forming the Internet.

The computer system can include clients and servers. A client and serverare generally remote from each other and typically interact through anetwork. The relationship of client and server arises by virtue ofcomputer programs running on the respective computers and having aclient-server relationship to each other.

A number of implementations have been described. Nevertheless, it willbe understood that various modifications may be made. For example,elements of one or more implementations may be combined, deleted,modified, or supplemented to form further implementations. As yetanother example, the logic flows depicted in the figures do not requirethe particular order shown, or sequential order, to achieve desirableresults. In addition, other steps may be provided, or steps may beeliminated, from the described flows, and other components may be addedto, or removed from, the described systems. Accordingly, otherimplementations are within the scope of the following claims.

1. A method comprising: receiving first information from a first device,the first information usable to identify a geographic location of thefirst device; verifying that the first information originated from thefirst device; receiving a first request for the geographic location ofthe first device, the first request including second informationassociated with a user associated with the first device; and providingthe geographic location of the first device to the user at a seconddevice.
 2. The method of claim 1, where the second informationassociated with the user is an identifier of the user, and the methodfurther comprises: after verifying that the first information originatedfrom the first device, storing the geographic location of the firstdevice in a repository; and in response to receiving the first request,indexing into the repository using the second information to retrievethe geographic location of the first device.
 3. The method of claim 1,further comprising: in response to receiving the first request,transmitting a second request to the first device for an updatedgeographic location of the first device; and receiving third informationfrom the first device, the third information usable to identify anupdated geographic location of the first device.
 4. The method of claim1, further comprising: receiving third information from the firstdevice, the third information identifying the first device, where thethird information is used to verify that the first informationoriginated from the first device.
 5. The method of claim 4, where thefirst information and the third information are received from the firstdevice in a DNS message.
 6. The method of claim 1, where the firstinformation is included in a text message that is digitally signed witha private key of the first device; and verifying that the firstinformation originated from the first device further comprisesauthenticating the digitally signed text message.
 7. The method of claim1, further comprising: providing a map of the geographic location of thefirst device to the user at the second device.
 8. The method of claim 1,where the first device is a mobile device that includes a telephonyapplication.
 9. The method of claim 1, where the first device is amobile device that includes a multi-touch-sensitive display.
 10. Themethod of claim 1, further comprising: determining if the geographiclocation of the first device is outside a region specified by the userand, if the geographic location of the first device is outside theregion, causing data stored on the first device to be erased, where thedata to be erased is specified by the user.
 11. A computer-readablemedium having instructions stored thereon, which, when executed by aprocessor, causes the processor to perform operations comprising:receiving first information from a first device, the first informationusable to identify a geographic location of the first device; verifyingthat the first information originated from the first device; receiving afirst request for the geographic location of the first device, the firstrequest including second information associated with a user associatedwith the first device; and providing the geographic location of thefirst device to the user at a second device.
 12. The computer-readablemedium of claim 11, where the second information associated with theuser is an identifier of the user, and the instructions cause theprocessor to perform operations further comprising: after verifying thatthe first information originated from the first device, storing thegeographic location of the first device in a repository; and in responseto receiving the first request, indexing into the repository using thesecond information to retrieve the geographic location of the firstdevice.
 13. The computer-readable medium of claim 11, where theinstructions cause the processor to perform operations furthercomprising: in response to receiving the first request, transmitting asecond request to the first device for an updated geographic location ofthe first device; and receiving third information from the first device,the third information usable to identify an updated geographic locationof the first device.
 14. The computer-readable medium of claim 11, wherethe instructions cause the processor to perform operations furthercomprising: receiving third information from the first device, the thirdinformation identifying the first device, where the third information isused to verify that the first information originated from the firstdevice.
 15. The computer-readable medium of claim 14, where the firstinformation and the third information are received from the first devicein a DNS message.
 16. The computer-readable medium of claim 11, wherethe first information is included in a text message that is digitallysigned with a private key of the first device; and verifying that thefirst information originated from the first device further comprisesauthenticating the digitally signed text message.
 17. Thecomputer-readable medium of claim 11, where the instructions cause theprocessor to perform operations further comprising: providing a map ofthe geographic location of the first device to the user at the seconddevice.
 18. The computer-readable medium of claim 11, where the firstdevice is a mobile device that includes a telephony application.
 19. Thecomputer-readable medium of claim 11, where the first device is a mobiledevice that includes a multi-touch-sensitive display.
 20. Thecomputer-readable medium of claim 11, where the instructions cause theprocessor to perform operations further comprising: determining if thegeographic location of the first device is outside a region specified bythe user and, if the geographic location of the first device is outsidethe region, causing data stored on the first device to be erased, wherethe data to be erased is specified by the user.
 21. A system comprising:a processor; and a computer-readable medium coupled to the processor andincluding instructions, which, when executed by the processor, causesthe processor to perform operations comprising: receiving firstinformation from a first device, the first information usable toidentify a geographic location of the first device; verifying that thefirst information originated from the first device; receiving a firstrequest for the geographic location of the first device, the firstrequest including second information associated with a user associatedwith the first device; and providing the geographic location of thefirst device to the user at a second device.
 22. The system of claim 21,where the processor performs operations further comprising: receivingthird information from the first device, the third informationidentifying the first device, where the third information is used toverify that the first information originated from the first device. 23.The system of claim 22, where the first information and the thirdinformation are received from the first device in a DNS message.
 24. Thesystem of claim 21, where the first information is included in a textmessage that is digitally signed with a private key of the first device;and verifying that the first information originated from the firstdevice further comprises authenticating the digitally signed textmessage.
 25. The system of claim 21, where the processor performsoperations further comprising: providing a map of the geographiclocation of the first device to the user at the second device.